Data protection policy
In compliance with what is set forth in the LOPD (Organic Law for the Protection of Personal Data) and in the application thereof, in particular the LOPD regulations, we hereby inform you that by accepting this data protection policy you consent to your personal data being included in a file owned by Marca Franca, SL, (hereinafter Marca Franca), with registered offices at c/ Copérnico núm. 6, L9, CP-15008, A Coruña (Spain) and Spanish VAT No. B-70360342, which complies with the security measures legally required in said legal texts, for the purpose of managing your reports, claims or complaints.
Likewise, we hereby inform you that in any case you can at any time exercise your legal rights of access, rectification, cancellation and opposition, by sending a letter to “Data Protection” at the above address.
Any report delivered will be considered as confidential and reserved information. For this purpose, the identity of informants in good faith shall be especially safeguarded and they will be protected against any kind of reprisal, discrimination or penalization due to the report sent. Marca Franca shall not at any time disclose the name of the person sending in the report, unless:
-
It is legally required by the competent authority.
-
The Compliance Committee, on seeing the report, deems it strictly necessary for good cause, provided that the informant expressly consents thereto.
-
There are objective reasons for understanding that the report has been drawn up in bad faith (e.g. based on false documentation) and the Compliance Committee asks Marca Franca, SL in writing to provide the identity of the informant, for the sole purpose of initiating the disciplinary measures which may be applicable. Before providing the person’s identity Marca Franca will contact the informant to see if he wishes to provide any further information or documentation concerning the fact reported.
The defendant and the third parties involved (people affected, witnesses etc.) are entitled to know that there is a report against them. This obligation does not imply in any case the disclosure of the identity of the informer, or any data which would enable them to discover or deduce the informer’s identity: they are only entitled to know:
(i) that the incident was reported through the ethics channel implemented in the company
(ii) what the incident reported is
(iii) that the system is confidential and there will be no reprisals by the organization
(iv) that the data might be reported to judges or courts, or the individuals or entities considered pertinent, involved in any phase of the investigation
(v) the registered address of the file owner which is dealing with the information
(vi) the purpose of managing the data
(vii) the way of exercising rights of access and the address to do so (but never access to the identity or personal data of the informer), rectification, cancellation and opposition.
(viii) the consequences that a false report can have. The deadline for formalizing this notification shall be 3 months from the date when the report was received.